Tag Archives: Citrix

What Is Desktop Virtualization?

Desktop virtualization is the use of several virtualization technologies, either together or separately. Let’s look at each of these cases in turn:

  • When “desktop virtualization” is used to describe making it possible for people to access a physical or virtual system remotely, access virtualization technology is used to capture the user interface portion of an application. It is then converted to a neutral format and projected across the network to a device that can display the user interface and allow the user to enter and access information. This means that just about any type of network-enabled device could be used to access the application. Suppliers such as Citrix, Microsoft, and VMware offer client software for tablets, smartphones, laptops, and PCs, making it possible for users of those devices to access the applications running elsewhere on the network.
  • When “desktop virtualization” is used to describe encapsulating an application using client-side application virtualization technology and then projecting it in whole or piecemeal to a remote system for execution, the application could either remain on that client device or be deleted once the user completes the task, depending on the settings used by the IT administrator. This means, of course, that the client system has to run the operating system needed by the application. So, Windows applications, for example, would need to run on Windows executing on a PC or laptop.
  • When “desktop virtualization” is used to describe encapsulating the entire stack of software that runs on a client system, the phrase starts to take on a great deal of complexity. That encapsulated virtual client system becomes highly mobile. Here are the possibilities:
      • One or more virtual client systems could execute on a single physical client system. This allows personal applications to run side by side with locked-down corporate applications.
      • Local execution. Virtual client systems could run on a local blade server. The user interface is projected to physical PCs, laptops, or thin client systems using access virtualization technology.
      • Remote execution. Virtual client systems could run on a server that resides in the organization’s data center. The user interface is projected to physical PCs, laptops, or thin client systems using access virtualization technology.

Since the industry is using the same phrase to describe all of these different approaches, the concept of desktop virtualization can be quite confusing to those unfamiliar with all of the different types of technology that could be pressed into service.

Author: Dan Kusnetzky

Desktop Virtualization Improves Security

One of the main reasons for deploying desktop virtualization is the security advantages it can provide, such as keeping sensitive data off the endpoint, according to Citrix.

And Citrix is practicing what it preaches at its Ft. Lauderdale, Fla., headquarters where employees, for example, use the Citrix virtualization product Citrix Receiver for smartphones and tablets.


“It’s required to access some systems such as SAP,” says Kurt Roemer, chief of security strategy at Citrix. “And we don’t have to roll out an SAP client. It’s up to date and the exact configuration. You’re just interacting with the application.”

While businesses all operate in different circumstances, there are general aspects of desktop virtualization that hold appeal to IT departments that have fought unending battles to try and keep unwanted applications off user desktops, patch applications, and cope with the stray malware eruptions.

“It gives IT back control,” Roemer says. “It allows for risk-based access, and the decision on whether to allow the data to be taken offline.” Company managers can set policies related to saving or printing data, for instance. For those who need data offline, desktop virtualization doesn’t preclude the use of encryption.

Applications made available through desktop virtualization — Citrix offers XenDesktop, which can run on top of VMware, Microsoft Hyper-V or the Citrix hypervisor — are consistent across the user base and patch updates to them are consistent, even while access to applications is more flexible.

“This is very beneficial for security,” Roemer notes, adding that it allows for flexibility in deciding how to centrally establish management and security controls.

It’s evident from the survey of 1,100 senior IT managers and decision-makers worldwide that was published today that there’s also widespread expectation that desktop virtualization will be used in a complementary fashion with cloud-based services and various security controls.

The survey, “Desktop virtualization and security: a global market research report,” found 91% of the respondents said they already have or will have desktop virtualization implemented by the end of 2013 in their organizations, of which all have at least 500 employees.

In addition, they said they plan to complement desktop virtualization with cloud-based services and additional security measures such as data-loss prevention, identity management, mobile-device management, VPN, threat management and authentication.

According to the survey, which didn’t identify which specific desktop virtualization technologies were being used, 33% have already deployed desktop virtualization to a significant level and a further 58% plan to do so before the end of 2013. The survey, sponsored by Citrix, was conducted by firm Vanson Bourne.

Author: Ellen Messmer

Avoid Desktop Virtualization ROI Traps

If potential cost savings are driving your desktop virtualization decision, beware the ROI killer: Over-provisioning.

Over-provisioning is a nice way of saying you’re throwing money away. That could happen in a variety of forms, such as buying infrastructure that is better suited for a much larger company, planning for growth that doesn’t happen, or not doing your homework on what other technology you’ll need to support virtualization. But fear of wasteful spending shouldn’t stop you in your virtual tracks; rather, it should motivate informed, careful decisions.

Raj Dhingra, CEO of NComputing, believes 2011 is a turning point in desktop virtualization deployments among small and midsize businesses. Dhingra, who left Citrix to take the NComputing helm in April, also said the broader field of virtualization vendors has taken note: “Everybody sees there is a big opportunity there.”

As the number of viable virtual desktop infrastructure (VDI) options for SMBs increase, Dhingra recommends paying close attention to four key areas when making a decision. Doing so can help minimize the over-provisioning risk and ensure a real return on the investment.

1. Look for platforms specifically designed for SMBs. While a vendor’s ability to scale with the growth of your company is important, don’t let your daydreams overshadow your actual needs–starting small can provide a bigger ROI in a shorter period of time.

“Buy the shoe that fits rather than buying the shoe that’s two sizes bigger in hopes that you’re going to fit into it over time,” Dhingra said.

The most obvious place to look is the cost per seat: This often tops the $1,000 mark in enterprise platforms, which makes the total cost of ownership (TCO) and return on investment (ROI) case trickier for SMBs. “If it’s now costing you more than a PC, that’s your first red flag,” Dhingra said. He added that TCO/ROI analysis for a 100-seat deployment is not the same thing as a 100-seat proof of concept–with an expectation that several thousand seats will be added later.

It should be noted that for some SMBs, ROI isn’t just a matter of comparing virtual desktop versus traditional PC costs. At Infinity Sales Group, for example, both desktop support and power costs were major factors. For Silicon Valley Builders Group, mobility was the critical payoff in going virtual. In fact, the firm’s CIO noted in an interview that just comparing per-seat costs can be a dead-end: “It would be a hard sell. Virtualization is still something like $1,200 per user, versus a PC I can go buy at Fry’s for $500,” he said.

No matter your particular business case, cost-per-seat is obviously still important. The moral: Don’t pay for seats you don’t need.

2. Know your supporting infrastructure needs. Desktop virtualization doesn’t mean you’re leaving hardware behind. Make sure you have a complete understanding of the supporting pieces you need, both on the server or host side and the client side. For the former, this includes things like servers, storage, and networking equipment. On the client side, don’t forget to account for the actual devices–such as thin clients, for example–as well as your software needs.

Dhingra said not taking all the necessary components of VDI into account is a key budget pitfall for SMBs, particularly if the initial investment is based on an expectation of significant growth. It can also lead an organization to an infrastructure it’s ill equipped to manage.

“That means not only the capital to actually procure [VDI], but then do I have internal expertise within my company to actually deal with this and work with it?” Dhingra said.

3. How many vendors are you willing to work with? Another possible sign you’re headed down a path of over-provisioning: If your desktop virtualization project requires one or more multi-vendor components. This is likely a bigger issue for the “S” in SMB. While a midmarket firm with, say, 750 employees has more resources to manage multi-vendor platforms, a 50-person company might not want the potential headaches. More importantly, it might not have enough IT resources to do so. “It becomes a systems integration project that is typically suited to a larger company,” Dhingra said.

4. How soon until you’re up and running? You can’t really start the ROI meter until your deployment is complete, right? For budget-constrained SMBs, a multi-month (or even year-plus) VDI project adds hidden costs–another form of over-provisioning–that can immediately dull the shine of potential savings. Moreover, smaller companies usually thrive on their speed and agility–IT projects should be no different. Dhingra said IT pros at SMBs should factor training and skills development here, too: If you lose two days at an off-site training, for example, that’s an expense–even if the event is “free.”


How VDI Can Change The Desktop Management Game

VDI can simplify the tasks that make desktop administrators hate their lives — the one-by-one operating system upgrades, Windows patch management, client hardware failures and end-user mishaps. But virtual desktops won’t solve any problems without proper planning and infrastructure.

In fact, many virtual desktop infrastructure (VDI) proofs of concept fail because of infrastructure, said Tom Scanlon, CIO of the Massachusetts College of Pharmacy and Health Sciences (MCPHS).

When MCPHS explored a move from physical desktops to VMware View virtual desktops last year, Scanlon quickly learned that the college’s infrastructure needed serious upgrades to handle the higher bandwidth, storage area network (SAN) and CPU power requirements.

“I thought we could support 24 desktops with our existing infrastructure during a pilot, and I almost pulled the plug because the response time was awful,” Scanlon said. “But that wasn’t the software’s fault; it was our hardware.

“Once we went through and refreshed the hardware, it was like night and day,” he added. “You have to have the right equipment, [or] you won’t get a good interpretation of how [virtual desktops] will work for you.”

The case for VDI

Despite the added infrastructure investments, VDI still made sense for MCPHS because the school had to simplify desktop management for the 19 IT pros who support 4,000 students plus faculty and staff at its three campuses. Plus, the college’s computer labs are on an accelerated refresh cycle of new PCs every two years. That cycle is expensive not only in terms of hardware, but also in IT support, Scanlon said.

MCPHS hired Salem, N.H.-based integrator Mosaic Technology to redesign its infrastructure. It did a SAN refresh with Dell EqualLogic iSCSI storage and updated IBM BladeCenter servers with six-core processors and maxed-out RAM, Scanlon said.

So far, the school has replaced about 700 desktops at computer labs in Boston, Worcester, Mass., and Manchester, N.H., with thin clients and VMware View 4.5 desktops using PC over IP (PCoIP). Scanlon said now that the virtual desktops are properly provisioned, the performance level is about the same as a regular PC, and it’s consistent.

“I haven’t had any complaints from the students, and believe me, if they weren’t happy, they’d be outside my office with pitchforks,” Scanlon said.

Scanlon chose View because MCPHS is already a VMware shop using ESX to virtualize servers. The lack of profile management in VMware View didn’t matter, because the college’s virtual desktops are all generic. A new desktop image is provided each time a new user logs in, and MCPHS uses Google Apps instead of locally managed Microsoft Office software to reduce storage requirements, he said.

The downside for end users is video performance, particularly over the wide area network (WAN), because View 4.5 doesn’t support PCoIP over the WAN. But PCoIP is supported over the WAN in View 4.6, which the college will upgrade to over the coming months.

The big benefit to students is that they don’t have to go to the college computer lab to run college-owned apps. “Now they can access all programs and applications from their own devices, from anywhere,” Scanlon said. “No one has to wait for a computer terminal anymore.”

Dustin Fennell, CIO of Scottsdale Community College in Arizona, moved to virtual desktops in 2008 for similar benefits. “Our primary reason was that the traditional black-box replacement cycle is expensive, inefficient and not sustainable when budgets are declining,” he said.

The college, which supports about 12,000 students per semester and more than 800 employees, uses Citrix XenDesktop and XenApp to deliver applications and data to remote students and faculty. Scottsdale Community also created a Web portal for end users to access college applications, including AutoCAD and Adobe Creative Suite 5, that are delivered from either XenDesktop 5 or XenApp, depending on the app.

“We moved to VDI because we want to get out of the business of managing desktops,” Fennell said. “Now we provide stateless personal desktops that follow users. And our apps actually perform better than they do on a brand-new computer, because we aren’t installing apps on the system, slowing it down.”

VDI also makes operating system upgrades much faster, MCPHS’s Scanlon said. In the past, his IT department used Symantec Ghost software to do Windows upgrades one by one. Now they can use that imaging tool with View to roll out multiple Windows 7 desktop images in minutes.

And when end users mess up their systems, IT can roll out a new desktop without having to touch the users’ machines. “Before, if someone had an application issue, we would have to take everything offline,” Scanlon said. “Now we can just update the image and tell the virtual desktop to rebuild, and the problem is fixed in a matter of hours.”

Scottsdale Community College is taking things a step further and moving toward an environment where there are no OSes on any client machines, and everything is virtual, Fennell said.

For a while, the college ran in hybrid mode, with some apps delivered from the Citrix environment and some apps running locally. Now, there are no locally installed apps, other than Microsoft Office on Windows. “Eventually, there will be nothing on the endpoint device,” he said.

VDI: An investment in efficiency

Moving to virtual desktops won’t reduce MCPHS’s IT costs for at least a few years because of startup expenses including licensing and infrastructure, but the college expects to see a return on its VDI investment within five years. For example, Scanlon said he spent about $300 per thin client, which is expected to last more than five years, versus $600 for the laptops that MCPHS bought every two years.

Scottsdale Community College funded its virtual desktop buildout using capital that would have been spent on PC replacements, and though VDI does cost more upfront, the long-term efficiencies are significant, Fennell said.

“Virtualizing your desktop environment may cost more, but if you think outside the box and look at what the end users want and need, between VDI and application virtualization, you can provide better access and better performance,” Fennell said. “We save $250,000 per year at this point, and now the IT department actually funds innovation grants…. It has been a transformational change for us.”


The iPad’s Role In Catalyzing Desktop Virtualization

The desktop virtualization market was chugging along at a decent albeit unspectacular pace before Apple’s iPad arrived and helped crystallize the Bring Your Own Device (BYOD) concept. Since then, the iPad has become the main onramp for companies looking to mobilize their work forces through the use of virtualization.

Executives were the first to bring the iPad into the workplace, but before long all types of employees were clamoring for the ability to access corporate desktops and applications from the devices. The phenomenon, and the speed with which it took hold, surprised solution providers. “People are demanding access to their applications with the device of their choosing,” said Dan Weiss, CEO and co-founder of Varrow, a virtualization solution provider in Greensboro, N.C.

Windows 7 migrations were expected to be the coming out party for desktop virtualization, and the iPad is now one of the primary devices contributing to the festivities. “The single greatest driver for desktop virtualization right now isn’t Windows 7, it’s the iPad,” said Mike Strohl, president of Entisys, a Concord, Calif.-based virtualization VAR. “IT departments in many organizations are responding to a massive wave of iPads in their user base.”

Companies are now well acquainted with the productivity gains to be reaped from the combination of iPads and virtualization. Citrix Systems last December polled nearly 5,000 iPad owners who use the devices for work and found that 46 percent said they’re more productive. And 13 percent of respondents said the iPad is a mission critical component of their job.

Entisys sold “millions of dollars” of desktop virtualization technology in the last quarter alone, the majority of which has been driven by iPad related services, according to Strohl. One Entisys customer recently signed off on a desktop virtualization deal that included the purchase of 6,000 iPads for use by the company’s mobile employees. Another customer, a major East Coast financial firm, is planning a project involving iPads and some 15,000 virtual desktop users.

The single greatest selling point for both customers, Strohl said, was Entisys’ ability to show full desktops and applications running on the iPad using virtualization. “Pretty much every scenario we go into involves a demo that includes an iPad. They’re extremely effective conversation starters and deal closers,” he said.

Hogan Consulting Group, a Chesterton, Ind.-based solution provider with a large healthcare practice, is also seeing a growing tide of iPad related business. “Almost overnight, we started seeing hospitals getting requests from doctors that want to run their apps on the iPad when they’re walking around the hospital,” said CEO Mike Hogan. “We had existing projects on the table that suddenly got amped up because of the iPad’s arrival.”

The iPad’s appeal spreads

The insurance industry is another emerging area for iPad and virtualization deployments. But interest isn’t limited to verticals — companies in every business sector are looking to leverage the combination of tablets and virtualization as a more cost effective, secure way of enabling their mobile workers.

“The bottom line is that tablets can now very easily access corporate resources and applications. We’re getting e-mails every day from customers asking about how to get their applications and desktops on the iPad,” Hogan said.

Of course, the iPad no longer has the tablet market to itself. New entrants like Samsung’s Galaxy Tab, HP’s forthcoming webOS powered TouchPad and a veritable army of Android tablets give companies plenty of devices to choose from. And vendors like Citrix and Wyse are keeping pace with the new arrivals by releasing software that brings access to corporate desktops and applications to these tablets.

The opportunity for solution providers lies in expanding virtualization implementations to get more applications and desktops functioning for their customers. Ensuring the smooth delivery of enterprise class applications to the iPad and other tablets through virtualization is an area that’s still relatively untapped, according to solution providers.

Weiss said companies see the benefits of virtualization and iPads but have concerns about whether they can offer adequate functionality for legacy applications. Client side software for the iPad and other non-Windows devices lacks maturity at this stage of the game, Weiss said, making it tough for IT to keep up with what features will and won’t work.

All of this is tricky because what works well for a Windows or thin-client device may be a challenge when running the application from a tablet. “Many tablets run operating systems that aren’t familiar to internal IT, and the required client software for these devices isn’t nearly as mature as their Windows device counterparts,” Weiss said.

Application usability, security and performance can also be challenges when implementing a virtual desktop environment with tablets, Weiss added. “Client-side software is still missing key features such as session encryption, straightforward pointing device functionality and bandwidth optimization,” he said.

User location is another variable that must be taken into account when mapping out an iPad virtualization project. “If users are in the same building as the infrastructure, that solution looks a lot different than if all users are remote all the time,” Weiss said. “The ideal scenario is on-premise, inside the company building — or in the same vicinity as the data center — but it’s rare that you find that.”

The iPad’s huge head start

Hogan said providing security on the network perimeter for iPad users is another service that can generate high margins for the channel. “These assessments typically involve looking at the infrastructure and even creating some secure ‘enclaves’ to allow certain types of applications and data to be delivered to the iPad,” he said.

Apple has a big head start with the iPad, which accounted for 93 percent of the tablet market in the third quarter of 2010, according to recent data from research firm ABI. Samsung’s Galaxy Tab has had modest success in its first few months on the market but isn’t eating significant chunks of Apple’s market share. Motorola’s Xoom looks like the next potential challenger to the iPad but its hefty price tag could slow its progress.

At this point, though, Strohl doesn’t think HP’s TouchPad tablet, Galaxy Tab, or any of the other Android tablets have much of a chance of matching the iPad’s popularity among businesses, even though newer tablets are being designed with security and manageability features for corporate virtualization deployments.

“I don’t see all those other ones taking on the same importance. Tablets are consumer driven, but the new devices coming out are more like corporate devices,” Strohl said. “I don’t see organizations turning around and saying you can’t use iPad, use these other tablets instead.”


Virtualization on Mobile Devices: What’s Taking So Long?

Despite years of marketing pressure and products that are simpler to use and more widely available, desktop virtualization hasn’t taken off to the extent that vendors and analysts expected even a few years ago.

The bring-your-own-device movement among end users, on the other hand, has lit a fire under the market for mobile device virtualization.

A survey released last month by telecommunications giant Mitel showed 90 percent of respondents expected virtualization to become more important in their companies, with the priority being first in mobile phones, second in cloud computing and third in desktop computing.

A Frost & Sullivan survey released this week showed that only 5 percent of the 18.3 million tablets sold in 2010 were used in business, but that number could reach 30 percent by 2015. A June 2010 Frost & Sullivan survey showed 49 percent of respondents expect tablets and smartphones to become the end-user computing platform of choice within a few years.

Unfortunately, the number of virtualization products available to connect those devices securely to corporate networks is far thinner than it appears from the marketing and hype surrounding the technology, says Ian Song, research analyst at IDC.

“Virtualization on mobile devices requires some pretty low-level coding, especially because there are so many kinds of hardware and firmware, and it changes pretty fast,” Song says. “Even if you’re going to stick with just Android, like VMware plans to do, there are already a lot of different versions, and another comes every three or four months.”

Citrix and VMware Plans

Citrix and VMware are both moving fast on products that would make smartphones and tablets good virtualization clients, but the rival firms are taking very different approaches.

VMware, as part of its Project Horizon mobile computing effort, is basing its mobile client on the Mobile Virtualization Platform — a Type II hypervisor designed to run on top of an existing operating system to support one or more additional virtual-smartphone OS/application-sets on top of that. VMware’s MVP is also designed to manage multiple profiles, to allow customers to switch from work to personal to other virtual environments — without losing configuration or applications set up for each.

Its Project Horizon, announced in August, creates a cloud-based set of personal configurations, applications and data that users can access from anywhere, from any device. Though primarily a desktop virtualization product, it can also make BYOD setups far more flexible, by not relying on the phone to contain all the data and applications, according to VMware.

VMware’s approach is to work with individual phone manufacturers to build its hypervisor onto their devices, focusing only on Android at this point.

VMware and LG Electronics introduced a virtualized Android phone in December that is expected to ship sometime early this year, followed by other LG Android devices.

A Speed Catch?

Type II hypervisors worked well enough on PCs, but ran far slower than “bare metal” Type I hypervisors because of the additional layer of software on top of the operating system, Song says.

On phones, which have much less processing power, Type I hypervisors could work much more effectively, but they depend on the ability of the developer to code them to an incredibly wide variety of hardware, Song says.

That’s Citrix’s strategy, and has been from the beginning, according to Citrix CTO Simon Crosby. The company has been shipping bare-metal hypervisor clients in its Receiver product line since it shipped an Android version in April, 2010 and plans to continue expanding the line.

Citrix has committed enough developers and resources not only to building the hypervisors, but also doing it quickly enough that a new Receiver version will be available any time a major new device ships, he says.

Even that won’t solve the overall problem of having no standard hardware or firmware, however, Song says.

“With Android, because it’s open and its hardware architecture is open, it’s not that difficult to virtualize,” he says. “The question is what happens when you get to a more closed architecture; I’m not even sure it’s legal to virtualize an iPhone at the hardware level.

“And on software [with a Type II hypervisor], forget about it,” Song says. “Apple is not going to let you come in and virtualize it to run another OS.”


5 Most Surprising Things about the Cloud in 2010

2010 was the year “cloud computing” became colloquialized to just “cloud,” and everyone realized “cloud,” “SAAS” and all the other xAAS’s (PAAS, IAAS, DAAS) were all different implementations of the same idea — a set of computing services available online that can expand or contract according to need.

Not all the confusion has been cleared up, of course. But seeing specific services offered by Amazon, Microsoft, Oracle, Citrix, VMware and a host of other companies gave many people in IT a more concrete idea of what “the cloud” actually is.

What were the five things even experienced IT managers learned about cloud computing during 2010 that weren’t completely clear before? Here’s my list.

1. “External” and “Internal” Clouds Aren’t All That Different

At the beginning of 2010 the most common cloud question was whether clouds should be built inside the firewall or hired from outside.

Since the same corporate data and applications are involved — whether they live on servers inside the firewall, live in the cloud or burst out of the firewall into the cloud during periods of peak demand — the company owning the data faces the same risk.

So many more companies are building “hybrid” clouds than solely internal or external, according to Gartner virtualization guru Chris Wolf, that “hybrid” is becoming more the norm than either of the other two.

“With internal clouds you get a certain amount of benefit from resource sharing and efficiency, but you don’t get the elasticity that’s the real selling point for cloud,” Wolf told CIO.com earlier this year.

2. What Are Clouds Made of? Other Clouds.

During 2010, many cloud computing companies downplayed the role of virtualization in cloud computing as a way of minimizing the impact of VMware’s pitch for end-to-end cloud-computing vision — in which enterprises build virtual-server infrastructures to support cloud-based resource-sharing and management inside the firewall, then expand outside.

Pure-play cloud providers, by contrast, offer applications, storage, compute power or other at-will increases in capacity through an Internet connection without requiring a virtual-server infrastructure inside the enterprise.

Both, by definition, are virtualized, analysts agree, not only because they satisfy a computer-scientific definition, but because they are almost always built on data-centers, hosted infrastructures, virtual-server-farms or even complete cloud services provided by other companies.

3. “Clouds” Don’t Free IT from Nuts and Bolts

Cloud computing is supposed to abstract sophisticated IT services so far from the hardware and software running them that end users may not know who owns or maintains the servers on which their applications run.

That doesn’t mean the people running the servers don’t have to know their business, according to Bob Laliberte, analyst at the Enterprise Strategy Group. If anything, supporting clouds means making the servers, storage, networks and applications faster and more stable, with less jitter and lag than ever before, according to Vince DiMemmo, general manager of cloud and IT services at infrastructure and data-center services provider Equinix.

Without bulletproof infrastructure, cloud computing is slow, he says, and end users won’t accept slow.

4. Tiny Things Make Big Differences

Virtualization enables many applications and operating systems to run on the same piece of hardware while thinking they each own the server themselves. The problem with that, according to IDC analyst Gary Chen, is that they all think they have the network interface and input/output bus to the processor to themselves, too.

On a server with a lot of guest OSes, the bottleneck to performance is no longer the speed with which data can move back and forth between the server and external storage; it’s the number of bits that can go through the data bus at one time, he says.

That’s one reason Virtual I/O is becoming a hotter topic, leading to what Forrester analyst John Rymer calls “distributed virtualization” — in which I/O, memory and other components are abstracted from each other as well as the guest OSes, and the definition of “server” changes to mean whatever resources an application needs right now.

5. “Year of Virtual Desktop, Wasn’t”

2010 was supposed to be the Year of the Virtual Desktop, as Microsoft, Citrix and VMware all competed to capture what analysts expected to be a wave of adoption from end-user companies.

Virtual desktops were a hot topic in 2010, but growth wasn’t nearly as big as analysts or vendors expected.

Instead of standardizing on virtual desktops and moving all their users immediately to make migration to Windows 7 easier, most companies adopted one of an increasing number of flavors of the technology, but only in places where it made most sense.

“We’re seeing a lot of tactical projects, but not a lot of strategic ones,” according to IDC analyst Ian Song.

That’s not to say there wasn’t a lot of growth or adoption of even DaaS versions. But 2010 was no tidal wave, Song says.

The two biggest reasons, he says, were the complexity and comparatively low ROI of desktop virtualization compared to virtual servers.

Another was the increasing focus, even inside the enterprise, on tablets, smartphones and other non-PC devices that have to be virtualized to become secure, reliable clients for enterprise applications.

“We’re expecting to hear a lot about that from Citrix and VMware and a lot of the phone companies after the first of the year,” Song says. “It’s going to be big.”

Source

2010 Saw the Dawn of Nation-State Cyber Wars: Citrix CTO

Citrix CTO Simon Crosby looks back at 2010 in the cloud computing sector–and ahead at what 2011 may bring–and isn’t very comfortable with a number of things emerging on the security side of that very hot business.

Crosby has become a go-to resource for knowledge in virtualization, cloud computing and data security. He was founder and CTO of XenSource prior to its acquisition by Citrix for $500 million in 2007. Previously, Simon was a principal engineer at Intel, where he led strategic research in distributed autonomic computing, platform security and trust.

It’s Crosby’s job as the CTO of an international enterprise IT provider to maintain a big-picture view of what the trends are, where they’re going and how they will affect companies making strategic IT plans.

It’s not necessarily cloud infrastructure issues that worry Crosby. It’s protection of stored data and access to servers that keeps him up at night.

“This was the year when nation-state attacks started to happen,” Crosby said. “You’ve got Stuxnet, you’ve got the Chinese government attack on Google, and you’ve got WikiLeaks. My take is that every CIO should be shivering in a state of panic.”

Everybody’s long been aware of denial of service attacks and their potential, but Crosby thinks many people have become indifferent to these events, believing such an attack won’t happen to them.

“All of these have profound lessons for us,” Crosby told eWEEK. “We’re in a space of hyper-innovation, and that’s fueled by Moore’s Law on the client and the server, and Moore’s Law helping the network, so we get the network effect of that. And the network effect of that innovation is unbelievable.

World’s largest cloud: Conficker

“If you look at the world’s largest cloud, it’s probably something called Conficker. It has probably 30 million CPUs. It requires something like 20 terabits of bandwidth, and it’s for hire. You can hire it today, and point it at anything you want,” Crosby said.

“Think cloud now. Every single one of those hosts up there that are infected with Conficker–and there are still millions and millions of them–are all out there, and they can be remotely controlled and instructed to do something. It’s similar to the way the anonymous guys at WikiLeaks have been getting people to download an attack payload, and then they can remotely point that attack payload at any site they want to attack.”

For example, anonymous hackers have been able to put together an attack of 10GB per second and point it at Visa, PayPal, Amazon and a couple of other places to shut them down for various times, Crosby said.

“Conficker is still out there, and that’s 28 terabits/second. If that thing was pointed at any U.S. national interest or any national interest, it would go down in a heartbeat,” Crosby said.

So why hasn’t this happened yet, if there are people in the world devious and knowledgeable enough to activate this dangerous weapon?

“Well, it hasn’t yet for the same reason that nobody has launched an atomic bomb–it’s that big, right?” Crosby said. “It turns out that most of the Conficker stuff is relatively straightforward–denial of service and blackmail stuff in the hands of organized crime.

“But the scary thing is that this was the year [2010] that nation-states started to engage in cyber war actively–and everybody saw it for the first time.”

The Stuxnet worm, which appeared in July 2010, was a prime example, “wreaking havoc on the Iranian nuclear facilities,” Crosby said.

Stuxnet exploited four zero-day vulnerabilities in Windows and a vulnerability in Windows’ Print Spooler service to do its dirty work. Early versions of the virus abused Windows’ AutoRun feature in an effort to infect industrial control systems, Symantec revealed in September.

“The interesting departure [this year] is that we have started to see nation-states play an active role in these attacks,” Crosby said. “That is more threatening than the traditional bad guys who spam you with email or blackmail the gambling sites to say, ‘Your site’s going to be down until you pay me some money.’ ”

Crosby said that all these concerns point to the cloud as the best place to maintain a “survivable” application.

“Here’s a good example: Visa was nailed by the anonymous crew on WikiLeaks. But Amazon didn’t even blink when Anonymous pointed 10 gigabits of traffic at it. Amazon has this massive cloud that’s redundant, has multiple availability zones spread around geographical regions, and so on. So if you want to make your application survive a big attack, the place to run it is called the cloud.”

This is probably counter to what most people think in response to these attacks, Crosby said.

“Most people are going to want to close all the boundaries, run a private cloud, and get my head down in my bunker and hope that I’m secure,” he said. “But in that situation, you are more vulnerable than if you are automated. People are running around your infrastructure with USB sticks and everything else. That’s how WikiLeaks happened.”

When nation-states start pouring defense budget-sized amounts of money into cyber war, then we will see “very interesting attacks,” Crosby said. It has been estimated that it cost somebody “on the order of $10 million” to build Stuxnet, for example, Crosby said.

“We don’t know where it [Stuxnet] came from, but it’s pretty clear that it was organized by a nation-state because of the sophistication of the attack,” Crosby said. “Most attacks use a single vulnerability; Stuxnet used four–four that were previously unknown to anyone, including Microsoft. So that basically suggests that somebody had the Windows source code and used it [for that attack].”

Access to source code a major problem

Many governments have access to this source code, he said. Stuxnet also targeted very specific enterprise devices, Crosby said, and was not aimed at the average consumer.

“It was clearly targeted for political reasons, it cost a lot of money to do, and it was very robust,” Crosby said. “It still has not been cleared; it’s out there causing havoc.”

This trend is going to make IT managers sit up and take notice, he said.

“You may say, well, I have good people and procedures in place, but the more people you have involved, the more vulnerable you are–either through mistakes or deliberate sabotage,” Crosby said.

“That basically says you need to get on the cloud.”

Bradley Manning, the U.S. military IT assistant implicated in the WikiLeaks controversy, used a USB stick on a PC to access most of the information that ended up being published on the site.

“Now, if that organization had been using desktop virtualization, that would never have been allowed to happen. Every single device on every client is policy controlled for access, and you can shut these off. Any properly automated cloud would have prevented WikiLeaks from happening,” Crosby said.

Prior to founding XenSource, Crosby was the founder of CPlane Inc., a network-optimization software vendor, where he held a variety of executive roles. Before CPlane, Simon was a tenured faculty member at the University of Cambridge, UK, where he led research on network performance and control, and multimedia operating systems.

He is author of more than 35 research papers and has patents on a number of data center and networking topics, including security, network and server virtualization, resource optimization and performance. In 2007, Simon was named one of InfoWorld’s Top 25 CTOs.

Source